How can I extend the default LDAP schema?

Such an extension should only be done if user management is no longer being done by Bright Cluster Manager, but, for example, by an external LDAP server.

The following three-step process extends the default OpenLDAP schema on Bright Cluster Manager, typically in order to match the schema present on the external LDAP server.

1. Write a local schema file with the extensions
Create a new file /cm/local/apps/openldap/etc/schema/local.schema with the new LDAP schema additions. For example, the file below defines three new attributes and one auxiliary class for users. In slapd.conf syntax a line that begins with whitespace continues the previous line, so every line of a definition after its first is indented here, and the comment lines start in the first column:

# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 = Directory String
attributetype ( 1.1.2.1.1 NAME 'ABHPCCloudProvider'
    DESC 'AB HPC Cloud Provider'
    EQUALITY caseIgnoreMatch
    SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 = Integer
attributetype ( 1.1.2.1.2 NAME 'ABMidPlus'
    DESC 'AB Mid Plus'
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )

# SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 = Boolean
attributetype ( 1.1.2.1.3 NAME 'AthenaNeedsHomeDir'
    DESC 'Athena needs home directory'
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )

# Auxiliary class that lets a user entry carry the three attributes above
objectclass ( 1.1.2.2.1 NAME 'ABAthenaUser'
    DESC 'Athena user'
    SUP top AUXILIARY
    MAY ( ABHPCCloudProvider $ ABMidPlus $ AthenaNeedsHomeDir ) )

(For full documentation of LDAP schemas, see: http://www.openldap.org/doc/admin24/schema.html#Extending%20Schema5)

2. Import the new schema into the LDAP configuration
Add the following line to /cm/local/apps/openldap/etc/slapd.conf to extend the schema:
include /cm/local/apps/openldap/etc/schema/local.schema
Restart the LDAP server so that slapd loads the addition:
[root@master01 ~]# /etc/init.d/ldap restart
Stopping slapd: [ OK ]
Checking configuration files for slapd: config file testing succeeded [ OK ]
Starting slapd: [ OK ]

3. Apply the new attributes to existing users
The LDIF change records are typed on the standard input of ldapmodify; with -v, ldapmodify echoes each modification as it is applied:

[root@master01 ~]# ldapmodify -v -w $LDAP_PASSWORD -D cn=root,dc=cm,dc=cluster -h 127.0.0.1

ldap_initialize( ldap://127.0.0.1 )
dn: uid=chumley,dc=cm,dc=cluster
changetype: modify
add: objectClass
objectClass: ABAthenaUser
-

add objectClass:
ABAthenaUser
modifying entry "uid=chumley,dc=cm,dc=cluster"
modify complete

dn: uid=chumley,dc=cm,dc=cluster
changetype: modify
add: ABHPCCloudProvider
ABHPCCloudProvider: BrightComputing
-
add: ABMidPlus
ABMidPlus: 0
-
add: AthenaNeedsHomeDir
AthenaNeedsHomeDir: 1
-

add ABHPCCloudProvider:
 BrightComputing
add ABMidPlus:
 0
add AthenaNeedsHomeDir:
 1
modifying entry "uid=chumley,dc=cm,dc=cluster"
modify complete
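As an added example (not part of the original answer or of Bright Cluster Manager), the following Python generates the step 3 change record for any user and validates each value against the RFC 4517 syntaxes declared in local.schema (Boolean is written TRUE or FALSE, Integer as a decimal integer), base64-encodes values that are not LDIF-safe, and refuses a uid containing DN metacharacters. The function names, the base DN constant and the password-file path in the comment are assumptions.

```python
import base64
import re

# Attribute -> RFC 4517 syntax OID, copied from the local.schema in step 1.
SCHEMA = {
    "ABHPCCloudProvider": "1.3.6.1.4.1.1466.115.121.1.15",  # Directory String
    "ABMidPlus": "1.3.6.1.4.1.1466.115.121.1.27",           # Integer
    "AthenaNeedsHomeDir": "1.3.6.1.4.1.1466.115.121.1.7",   # Boolean
}
AUX_CLASS = "ABAthenaUser"
BASE_DN = "dc=cm,dc=cluster"  # assumed: the base DN used in the answer above

def check_value(attr, value):
    """Reject values that do not match the attribute's RFC 4517 syntax."""
    syntax = SCHEMA[attr]
    if syntax.endswith(".27") and not re.fullmatch(r"-?(0|[1-9][0-9]*)", value):
        raise ValueError(f"{attr}: Integer syntax needs a decimal integer, got {value!r}")
    if syntax.endswith(".7") and value not in ("TRUE", "FALSE"):
        raise ValueError(f"{attr}: Boolean syntax accepts only TRUE or FALSE, got {value!r}")
    return value

def ldif_line(attr, value):
    """RFC 2849: a value that is not a SAFE-STRING (non-ASCII, control chars,
    leading space/':'/'<', trailing space) is base64-encoded after '::'."""
    safe = (value.isascii() and value.isprintable()
            and value[:1] not in (" ", ":", "<") and not value.endswith(" "))
    if safe:
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode()).decode()}"

def modify_ldif(uid, values):
    """One LDIF change record for uid: add the auxiliary class, then each
    attribute, each modification closed by a '-' on a line of its own."""
    if re.search(r'[,+"\\<>;=\x00]', uid) or uid[:1] in (" ", "#"):
        # RDN metacharacters (RFC 4514) would change which entry gets modified.
        raise ValueError(f"uid contains DN metacharacters: {uid!r}")
    unknown = set(values) - set(SCHEMA)
    if unknown:
        raise KeyError(f"not defined in local.schema: {sorted(unknown)}")
    lines = [f"dn: uid={uid},{BASE_DN}", "changetype: modify",
             "add: objectClass", f"objectClass: {AUX_CLASS}", "-"]
    for attr, value in values.items():
        lines += [f"add: {attr}", ldif_line(attr, check_value(attr, value)), "-"]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    # Pipe into: ldapmodify -v -y <password file> -D cn=root,dc=cm,dc=cluster -h 127.0.0.1
    print(modify_ldif("chumley", {"ABHPCCloudProvider": "BrightComputing",
                                  "ABMidPlus": "0", "AthenaNeedsHomeDir": "TRUE"}))
```

The ldapmodify -y option reads the bind password from a file, so it does not appear in process listings or shell history the way -w $LDAP_PASSWORD does.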